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Voter Rolls 


° Legislation should be considered that links voter roll registration to changes in 
driver’s licenses or other state identification. 


° Legislation should be considered that requires voter rolls be validated against the 
NCOA both 90 days or more prior to the election, in addition to a week before 
mail-in ballots are sent out. This validates whether a mail-in ballot should be sent 
before its sent. 


° Legislation should be considered that gives a legally required frequency where 
the voter rolls should be periodically be compared against ERIC, the Social 
Security’s Master Death List, or other commercially available tools that give 
access to this information. 
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Election Software 


° Legislation should be considered that would require applications developed and utilized 
for voter rolls or voting to be developed to rigorous standards that ensure the 
confidentiality and integrity of the systems. 


° Open Web Application Security Project (OWASP) Application Security Verification 
Standard (ASVS) Level 3 is recommended. 


eLegislation should be considered which requires voter roll and voting equipment, or any 
other election software to go through regular assessments to confirm ASVS Level 3 
requirements are meant. 


° Software should not be allowed to be utilized until any Critical or High issues are 
remediated and there should be a remediation plan for other severity vulnerabilities. 
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Voting Machines 


Legislation should be considered that requires following all CISA Guidelines for Election 
Systems and Equipment, the documentation of any variations among these guidelines, and 
the signing off on a risk memo by the appropriate party for any derivations from those 
guidelines. 


Legislation should be considered which requires the assignment of individual usernames and 


passwords for all election related equipment and matters. 
Legislation should be considered that requires the real-time network monitoring of all 
election equipment, even on air gapped networks. 


*Legislation should be considered that would prohibit internet capable Election Management 
System Servers or similar equipment from being utilized; or any other type of hardware or 
equipment that could potentially allow remote access. 


° No built-in capability such as a Wi-Fi card or cellular modem, regardless of whether this used. 
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Voting Machines 


°Furthermore, County employees should have access to all administrative functions of all 
election equipment and have sufficient access to independently validate any configuration 
items on the device without requiring the involvement of any 3 party vendor. 


°In addition, electronic voting machines must always have a paper backup of all ballots 
which can be used to confirm that votes were cast as intended; and these machines must be 


regularly maintained according to the vendors recommended maintenance schedule. 


Legislation should be considered that would require that paper stocks utilized on election 
day conform to manufacturer recommendations to ensure that the paper that has been 
tested in the device is what is actually utilized to cast votes. 
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Election Audits 


Legislation should be considered that creates an election audit department in charge of 
regularly conducting audits on a rotating basis across all counties in Arizona after elections. 


Legislation should be considered that requires batches of ballots to be clearly labeled, 
separated from each other in a manner where they cannot easily mix together, and easily 
connected to the batches run through the tabulation equipment for easy auditing of the 
system. 

*Legislation should be considered to penalize purposely inhibiting a legislative investigation, 
or an Officially sanctioned audit of an election. 
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Ballots 


*Legislation should be considered that will make ballot images and the Cast Vote Record 
artifacts from an election that is published within a few days of the results being certified for 
increased transparency and accountability in the election process. 


Legislation should further be considered that would require all ballots to be cast on paper 
by hand utilizing paper with security features such as watermarks or similar technology; with 


a detailed accounting of what paper(s) and the quantities utilized for any given election 
cycle. 


¢Mail-in voting should incorporate an objective standard of verification for early voter 
identification, similar to the ID requirements required for in person voting. 
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